5 Hacker Tools

This is a follow-up to an earlier post on Security Tools. An article in Information Security magazine in September 2005 described five hacker tools that security experts should have:

Wikto: Web Server Assessment Tool

Wikto can be used to quickly and easily perform web server assessments. Wikto is not a web application scanner. It is totally unaware of the application (if any) that’s running on the web site. So – Wikto will not look for SQL injection problems, authorization problems etc. on a web site. It is also not a network level scanner – so it won’t try to find open ports, or see if the web site is properly firewalled. Wikto rather operates between these two levels – it tries to, for instance, find interesting directories and files on the web site, it looks for sample scripts that can be abused or finds known vulnerabilities in the web server implementation itself. Wikto is not just Nikto for Windows. The Nikto scan is only of its many functions (and it does the Nikto scans totally different than Nikto does).

Paros Proxy

Paros is used for web application security assessment. "Paros" for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

Cain & Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.

WinFingerprint

WinFingerprint is an administrative network resource scanner that allows you to scan machines on your LAN and returns various details about each host. This includes NetBIOS shares, disk information, services, users, groups, and more. You can choose to perform a passive scan or interactively explorer network shares, map network drives, browse HTTP/FTP sites and more. Scans can be run on a single host or the entire network neighborhood. You can also input a list of IP addresses or specify a custom IP range to be scanned. Additional features include NULL IPC$ Sessions, detection of Service Pack and Hotfixes, ICMP and DNS Resolution, OS detection and much more. Winfingerprint can utilize Active Directory (ADSI) or Windows Management Instrumentation (WMI) interfaces in addition to the standard SMB (NetBIOS over TCP) interface.

 

Wellenreiter

Wellenreiter is a wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. It is the easiest to use Linux scanning tool. No card configuration has to be done anymore. The whole look and feel is pretty self-explaining. It can discover networks (BSS/IBSS), and detects ESSID broadcasting or non-broadcasting networks and their WEP capabilities and the manufacturer automatically. DHCP and ARP traffic are decoded and displayed to give you further information about the networks. An ethereal/tcpdump-compatible dumpfile and an Application savefile will be automaticly created. Using a supported GPS device and the gpsd you can track the location of the discovered networks. NO!, hosap drivers actualy don't work in the perl version.

 

Advertisements

Steve Mullen has been involved in information technology for over 35 years. He is also actively involved in the music program (voice and English hand bells) and Vestry of St. Anne’s Episcopal Church in Damascus, MD.

Posted in Blog, Security, Technology

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories
June 2006
M T W T F S S
« May   Jul »
 1234
567891011
12131415161718
19202122232425
2627282930  
%d bloggers like this: